Charles Hoskinson Points to Cardano and Midnight as Fix for Cross-Chain Flaws Behind KelpDAO Hack

1 day ago

A cross-chain message forgery drained 116,500 restaked ether from KelpDAO on April 18, triggering what Cardano founder Charles Hoskinson called the largest DeFi exploit of the year and a contagion that pulled billions in total value locked from the broader ecosystem within 48 hours.

Key Takeaways:

  • An attacker exploited KelpDAO’s cross-chain bridge on April 18, stealing 116,500 restaked ETH worth about $292 million.
  • The breach triggered more than $13 billion in DeFi TVL outflows within 48 hours, hitting Aave, Compound, Morpho, and at least 9 other protocols.
  • Charles Hoskinson says Midnight’s zero-knowledge proofs and multi-party computation could prevent this class of attack from repeating.

Hoskinson Explains Why Cardano’s Non-Custodial Staking Sidesteps Restaking Risk

Charles Hoskinson, founder of Cardano and Ethereum co-founder, broke down the attack in a video published from Wyoming, walking viewers through a custom artificial intelligence (AI)-generated incident report website.

“The modular DeFi threat model assumes smart contract bugs are the dominant risk,” Hoskinson said. “That’s not true anymore.”

He added:

“Bridges can be very problematic. A one-of-one verifier is not good. Don’t do that. And then the problem is that if they steal the money, DeFi lending is the exit condition. So basically, you can deposit, you can lend, and once you get those tokens, you’re getting tokens unconnected to the theft, and the collateral is poisoned effectively.”

The attacker submitted a spoofed Layerzero message that reached the endpoint v2 contract connected to Kelp’s restake adapter, which then released the tokens from an Ethereum escrow. The forged packet claimed Uni-Chain endpoint ID 30320 as its source. Kelp’s cross-chain configuration relied on a single decentralized verifier network, a one-of-one setup that gave the attacker a single point to compromise.

The stolen tokens were not sold directly on decentralized exchange (DEX) platforms, which would have crashed the price. The attacker deposited the restaked ETH as collateral in lending markets like Aave before Kelp or its partners could freeze positions, borrowing liquid wrapped ether against it and walking away with assets unconnected to the original theft. The poisoned collateral remained within the borrowing markets.

Llamarisk’s joint incident report, published April 20, confirmed 83,471 ETH equivalent spread across 7 attacker wallets on Ethereum core and Arbitrum. The report outlined 2 resolution scenarios. The first socializes a 15.12% haircut across all restaked ETH holders, producing about $123 million in bad debt absorbed by Ethereum core’s reserve. The second isolates losses at the layer 2 (L2) level, repricing tokens to 26.46% backing and generating about $230 million in bad debt concentrated across Mantle, Arbitrum, and Base, while leaving Ethereum core untouched.

Aave alone saw between $6.6 billion and $8.45 billion in outflows. Wrapped ETH pools on Arbitrum, Base, Mantle, Linea, and Plasma hit near 100 percent utilization, effectively blocking withdrawals. At least 9 DeFi protocols were classified as directly affected, including Compound, Morpho, Lido, Ethena, Pendle, Euler, Beefy, and Lombard Finance.

Three separate post-mortems have been published by KelpDAO, Layerzero, and Llamarisk. None agree on where responsibility sits. Layerzero announced April 20 that it would no longer sign or attest messages for any application running a one-of-one DVN configuration, pushing a protocol-wide migration to multi-verifier setups. Kelp maintains that Layerzero’s default configuration shipped with single-source verification across Ethereum, BNB Chain, Polygon, Arbitrum, and Optimism, and that allegedly 40% to 50% of all Layerzero OFT applications currently use the same one-of-one setup.
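The one-of-one versus multi-verifier point above, shown as an added example that is not code from the article, Layerzero or KelpDAO: a simplified threshold check in which each verifier's attestation is modelled as an HMAC tag. The verifier names, keys and packet layout are constructed for illustration; only endpoint ID 30320 comes from the article.

```python
import hashlib
import hmac

def attest(key: bytes, packet: bytes) -> bytes:
    """Model one verifier's attestation as an HMAC tag (a simplification)."""
    return hmac.new(key, packet, hashlib.sha256).digest()

def accept(packet: bytes, attestations: dict, verifiers: dict, threshold: int) -> bool:
    """Accept a packet only if `threshold` distinct configured verifiers vouch for it."""
    if not 1 <= threshold <= len(verifiers):
        raise ValueError("threshold must be between 1 and the number of verifiers")
    valid = {
        name for name, tag in attestations.items()
        if name in verifiers
        and hmac.compare_digest(tag, attest(verifiers[name], packet))
    }
    return len(valid) >= threshold

# Constructed sample data: hypothetical verifier names and keys.
KEYS = {"dvn-a": b"key-a", "dvn-b": b"key-b", "dvn-c": b"key-c"}
# Constructed packets; only the source endpoint ID 30320 comes from the article.
FORGED = b"src_eid=30320;nonce=1;action=release"
HONEST = b"src_eid=30320;nonce=2;action=noop"

def forged_attestations() -> dict:
    """One verifier (dvn-a) is under attacker control; the other tags are guesses."""
    return {
        "dvn-a": attest(KEYS["dvn-a"], FORGED),      # valid tag from the compromised verifier
        "dvn-b": attest(b"attacker-guess", FORGED),  # invalid: wrong key
        "dvn-c": attest(b"attacker-guess", FORGED),  # invalid: wrong key
    }

def run_demo() -> dict:
    forged = forged_attestations()
    honest = {name: attest(KEYS[name], HONEST) for name in ("dvn-b", "dvn-c")}
    return {
        # One-of-one: a single compromised verifier is enough to pass.
        "one_of_one": accept(FORGED, forged, {"dvn-a": KEYS["dvn-a"]}, 1),
        # Two-of-three: the same forged packet lacks a second valid attestation.
        "two_of_three": accept(FORGED, forged, KEYS, 2),
        # A packet vouched for by two honest verifiers still clears the bar.
        "honest_two_of_three": accept(HONEST, honest, KEYS, 2),
    }

if __name__ == "__main__":
    print(run_demo())
```
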

Onchain forensics suggest connections to the Lazarus Group, a state-sponsored hacking collective linked to North Korea. No independent forensics firm has issued a formal attribution, and the FBI has not commented publicly.

Hoskinson: ‘If You’re in Cardano Land, You Just Click Delegate … We’re Liquid Non-Custodial’

Hoskinson pointed to the attack as evidence that bridge verification failures have replaced smart contract bugs as the primary DeFi threat vector. He cited the 46-minute window between the first drain and Kelp’s emergency pause as a sign that incident response matters but cannot outrun the speed at which stolen assets can be deployed into lending markets.

“What makes this new is the contagion,” Hoskinson explained in his video. “It wasn’t just a bridge hack. It spread to lending, which then created bad debt contagion within these lending protocols. It created a bank run, and we saw $13 billion of TVL pulled in a very short period of time for a $290 million hack. That’s a crisis of confidence.”

He framed Cardano’s lower vulnerability as a function of its liquid, non-custodial staking design, which removes the need for the staking-to-liquid-staking-to-restaking wrapper chain that created the attack surface at Kelp. Hoskinson argued that Midnight, Cardano’s privacy-focused sidechain, addresses the core vulnerabilities involved.

Its Nightstream protocol folds entire chain states into proofs that travel alongside cross-chain messages, making forged messages verifiable before acceptance. “When people send messages, they can verify that what they’re seeing is correct,” he said. Multi-party computation support on Midnight would allow Layerzero to deploy turnkey two-of-three or five-of-seven DVN configurations with less operational friction.

Zero-knowledge proofs would block poisoned messages at the verification layer. Network anonymization would make the DDoS component of this class of attack harder to execute. He said AI tools, including frontier models reportedly accessible to the Lazarus Group through bribed insiders at major AI labs, are enabling attackers to scan entire codebases for emergent vulnerabilities that no single human reviewer would detect.

“Hacks are a part of life,” he said, “and they’re going to get much, much worse for everyone.”
